Awesome, I was just looking at container.js and wondering what was locked-domain. Thanks for the fast response.
Gabriel On Wed, Oct 13, 2010 at 8:40 PM, John Hjelmstad <[email protected]> wrote: > Hi Gabriel: > > This is precisely what the "locked-domain" feature does. > > The default implementation in Shindig - which Google uses - is to generate > a > URL w/ prefix base32(sha1(gadgetUrl)). > > This occurs when: > A) the gadget requires "locked-domain" explicitly > B) the gadget requires another feature that has a <dependency> on > locked-domain > C) the container is set up (in its ContainerConfig, via key > "gadgets.uri.iframe.lockedDomainRequired" with type boolean) to demand > locked-domain for all renders > > The validation algorithm is thus: > A. when a gadget requires locked-domain, it MUST have a locked-domain > prefix. > B. if the domain on which a gadget is rendered has *any* valid > locked-domain > *suffix*, mark as invalid. > > Doing this ensures the domain isolation of each gadget. > > The bulk of this functionality is implemented in the Java implementation > in: > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java > > INVALID_DOMAIN is returned in the mismatched cases. locked-domain URLs are > generated if (usingLockedDomain(...)). > > The default prefix generator is: > > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java > > --j > > On Wed, Oct 13, 2010 at 4:29 PM, Gabriel Guardincerri <[email protected] > >wrote: > > > Hi, > > > > We would like increase the security of each gadget by having each one in > a > > different subdomain. This is, have each iframe in a different subdomain > to > > use the cross-domain security of the browsers. > > We found that we can define the urls using our own container.js, but > > there's > > no way to assign a different subdomain for each gadget. So, is there a > way > > to make that more dynamic, or to do something else to have a different > > subdomain for each gadget? > > > > Thanks, > > > > Gabriel > > >
